Larry Maturo wrote:

> Hi Alias,

>

> You wrote:

> Fact is that Windows is MUCH more susceptible than Ubuntu and, in the

> unlikely case that one's Ubuntu box has become infected, all one need do

> is nuke the user, create another one and restore the back up.

>

> Fact is, you are telling the unwashed masses to use Ubuntu. If they do, you

> can bet they won't have that backup. Also, if your campaign succeeds, then

> virus, rootkit, and malware authors will start hitting Linux, so watch what

> you

> wish for.

>

> -- Larry Maturo

 

Interesting speculation. Too bad it's only that: speculation.

 

Alias

>

> "Alias" <aka@maskedandanonymous.info> wrote in message

> news:eDCvIqwvHHA.4384@TK2MSFTNGP02.phx.gbl...

>> Mike Hall - MVP wrote:

>>> Alias

>>>

>>> You are way too smug regarding how safe you believe Linux/Unix to be..

>>>

>>> One of the articles below explains how a Linux system can be a virus

>>> carrier without the user ever knowing.. this situation is every bit as

>>> bad as a Windows system that has been breached.. the others are from

>>> different years, but all alerting to the fact that Linux/Unix and MAC are

>>> not 100% virus immune..

>>>

>>> I have yet to come across a 'true' Linux professional who would put their

>>> name to the misleading claims made by you.. your anti-MS stance is

>>> blinding you to the realities of ANY OS.. that makes you dangerous..

>> Care to give me proof that a Linux box has been compromised? Can't? Didn't

>> think so. Shall we compare the number of Windows boxes that are a part of

>> a bot-herd to Linux? Didn't think so.

>>

>> Fact is that Windows is MUCH more susceptible than Ubuntu and, in the

>> unlikely case that one's Ubuntu box has become infected, all one need do

>> is nuke the user, create another one and restore the back up.

>>

>> Alias

>>>

>>> "Alias" <aka@maskedandanonymous.info> wrote in message

>>> news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

>>>> Richard Urban wrote:

>>>>> Alias doesn't know about the history of his operating system of choice

>>>>> to know that rootkits were developed for Unix and are 100% effective in

>>>>> Linux/Ubuntu.

>>>>>

>>>> Yet there are no reports of this possibility happening so go figure.

>>>>

>>>> Alias

>

>


Jupiter Jones [MVP] wrote:

> Alias

> It seems you have a problem with Frank and yet you use what he does as a

> standard for your own behavior.

> Neither of you have reason to be outraged at the other since you both

> stoop so low.

> Right now you both can look in a mirror and see each other as yourselves.

>

> Perhaps you should set a higher standard than those who do what you detest.

> No double standard, it seems you are the one going lower to meet that

> standard.

>

> Anyone that needs to insult others has already lost since at that point

> it is obvious they are too insecure in their ideas to let them stand on

> the facts.

>

> He may have always been the way he is, you on the other hand are getting

> worse and risk plunging below his level and your new standard.

>

> Is that post of yours representative of the Linux community?

> Why or why not?

>

 

Like I said, a double standard. If I defended Windows as much as Frank

does, you wouldn't have said squat.

 

Alias

Mike Hall - MVP wrote:

> Alias

>

> You are way too smug regarding how safe you believe Linux/Unix to be..

>

> One of the articles below explains how a Linux system can be a virus

> carrier without the user ever knowing.. this situation is every bit as

> bad as a Windows system that has been breached.. the others are from

> different years, but all alerting to the fact that Linux/Unix and MAC

> are not 100% virus immune..

>

> I have yet to come across a 'true' Linux professional who would put

> their name to the misleading claims made by you.. your anti-MS stance is

> blinding you to the realities of ANY OS.. that makes you dangerous..

 

I agree that the blind advocacy is harmful and that nothing is 100%

guaranteed, but in terms of having and using virus scanners and such on

linux, there seems to be little concern about viruses/worms and other

malware in terms of linux becoming infected, and doing any real damage

to the os itself and then actually passing itself along. It seems more

the issue of a linux user passing along unknowingly something that has

no effect on linux but would be a problem with windows. An example might

be any number of email transmitted viruses/worm malware that could be

clicked all day or run through a linux machine without issue, but could

be passed along on a forwarded email to do damage on a windows machine.

In such a case, anti-virus/anti-malware programs would not be a waste

on linux. I know this is an oversimplification, but it seems to be a

larger concern at this point, anyway.

>

>

> "Alias" <aka@maskedandanonymous.info> wrote in message

> news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

>> Richard Urban wrote:

>>> Alias doesn't know about the history of his operating system of

>>> choice to know that rootkits were developed for Unix and are 100%

>>> effective in Linux/Ubuntu.

>>>

>>

>> Yet there are no reports of this possibility happening so go figure.

>>

>> Alias

>

 

 

--

norm

Mike Hall - MVP wrote:

> Because the user gives it permission, albeit unwittingly? How do you

> think systems get infected?

>

> Re proof, two of us have provided reading material from Linux sources..

> can you not read and comprehend them?

>

>

> "Alias" <aka@maskedandanonymous.info> wrote in message

> news:uxAiWXxvHHA.4384@TK2MSFTNGP02.phx.gbl...

>> MICHAEL wrote:

>>>

>>> * Alias:

>>>> MICHAEL wrote:

>>>>> * Alias:

>>>>>> Back to the present. Use Ubuntu and never worry about a virus,

>>>>>> root kit or any other

>>>>>> malware. http://www.ubuntu.com/

>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php

>>>>> Linux RootKits For Beginners - From Prevention to Removal

>>>>>

>>>>> One day while reading a mail list for the Linux Users Group in my

>>>>> hometown I discovered a call

>>>>> for help. It was a posting from a novice Linux user with a

>>>>> disturbing issue. While doing some

>>>>> routine checks on a Linux system, he found a user that had been

>>>>> added to the system with the

>>>>> user id of 0 (root). His first thought was that it might be a

>>>>> rootkit. He wanted to know what

>>>>> he could do to verify it was a rootkit and how to remove it from

>>>>> the system. He further asked

>>>>> for suggestions on preventative measures to ensure this kind of

>>>>> attack does not reoccur. That

>>>>> situation prompted me to write this paper to an understanding of

>>>>> rootkits and its effects. This

>>>>> paper will also discuss how to monitor for a rootkit, and the steps

>>>>> that need to be taken to

>>>>> remove one.

>>>>>

>>>> I never said that a firewall wasn't necessary. Ubuntu comes with one

>>>> built-in. I would also recommend a router hard firewall.

>>>

>>> "Use Ubuntu and never worry about a virus, root kit

>>> or any other malware." -Alias

>>>

>>> You said "never", you were wrong.

>>>

>>> "Absolute truth" is for absolute fools.

>>>

>>>

>>> -Michael

>>

>> Is there an echo in here? If one has Ubuntu that comes with a firewall

>> and a router with a firewall how, pray tell, will anyone install a

>> root kit?

>>

>> Alias

>

There are several ways I have seen Linux systems be compromised.

 

1. Through an application that has security issues, such as older

versions of Apache or BIND or even javascript.

 

2. Weak SSH passwords. This is an attack vector many new users fail to

protect.

 

3. Through installations of unknown software that might contain a root kit

 

 

 


Please clear the facts.

What % of new Linux users have never owned a computer?

What % of new Windows users have never owned a computer?

 

What is the average computer experience of a new Windows user?

What is the average computer experience of a new Linux user?

 

Give us these facts and end the speculation.

Many Linux advocates seem to base much of what they say on the above

being equal for both platforms.

I suspect these differences explain what I NEVER hear Linux advocates

say.

 

Waiting for your facts...

 

--

Jupiter Jones [MVP]

http://www3.telus.net/dandemar

http://www.dts-l.org

 

 

"Alias" <aka@maskedandanonymous.info> wrote in message

news:e4vbqoyvHHA.4132@TK2MSFTNGP02.phx.gbl...

> Larry Maturo wrote:

>> Hi Alias,

>>

>> You wrote:

>> Fact is that Windows is MUCH more susceptible than Ubuntu and, in

>> the

>> unlikely case that one's Ubuntu box has become infected, all one

>> need do

>> is nuke the user, create another one and restore the back up.

>>

>> Fact is, you are telling the unwashed masses to use Ubuntu. If

>> they do, you

>> can bet they won't have that backup. Also, if your campaign

>> succeeds, then

>> virus, rootkit, and malware authors will start hitting Linux, so

>> watch what you

>> wish for.

>>

>> -- Larry Maturo

>

> Interesting speculation. Too bad it's only that: speculation.

>

> Alias

>>

>> "Alias" <aka@maskedandanonymous.info> wrote in message

>> news:eDCvIqwvHHA.4384@TK2MSFTNGP02.phx.gbl...

>>> Mike Hall - MVP wrote:

>>>> Alias

>>>>

>>>> You are way too smug regarding how safe you believe Linux/Unix to

>>>> be..

>>>>

>>>> One of the articles below explains how a Linux system can be a

>>>> virus carrier without the user ever knowing.. this situation is

>>>> every bit as bad as a Windows system that has been breached.. the

>>>> others are from different years, but all alerting to the fact

>>>> that Linux/Unix and MAC are not 100% virus immune..

>>>>

>>>> I have yet to come across a 'true' Linux professional who would

>>>> put their name to the misleading claims made by you.. your

>>>> anti-MS stance is blinding you to the realities of ANY OS.. that

>>>> makes you dangerous..

>>> Care to give me proof that a Linux box has been compromised?

>>> Can't? Didn't think so. Shall we compare the number of Windows

>>> boxes that are a part of a bot-herd to Linux? Didn't think so.

>>>

>>> Fact is that Windows is MUCH more susceptible than Ubuntu and, in

>>> the unlikely case that one's Ubuntu box has become infected, all

>>> one need do is nuke the user, create another one and restore the

>>> back up.

>>>

>>> Alias

>>>>

>>>> "Alias" <aka@maskedandanonymous.info> wrote in message

>>>> news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

>>>>> Richard Urban wrote:

>>>>>> Alias doesn't know about the history of his operating system of

>>>>>> choice to know that rootkits were developed for Unix and are

>>>>>> 100% effective in Linux/Ubuntu.

>>>>>>

>>>>> Yet there are no reports of this possibility happening so go

>>>>> figure.

>>>>>

>>>>> Alias

>>

* Mr. Happy:

> MICHAEL wrote:

>

>>

>> * Alias:

>>> MICHAEL wrote:

>>>> * Alias:

>>>>> MICHAEL wrote:

>>>>>> * Alias:

>>>>>>> Back to the present. Use Ubuntu and never worry about a virus, root kit or any

>>>>>>> other malware. http://www.ubuntu.com/

>>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php Linux RootKits For

>>>>>> Beginners - From Prevention to Removal

>>>>>>

>>>>>> One day while reading a mail list for the Linux Users Group in my hometown I

>>>>>> discovered a call for help. It was a posting from a novice Linux user with a

>>>>>> disturbing issue. While doing some routine checks on a Linux system, he found a

>>>>>> user that had been added to the system with the user id of 0 (root). His first

>>>>>> thought was that it might be a rootkit. He wanted to know what he could do to

>>>>>> verify it was a rootkit and how to remove it from the system. He further asked for

>>>>>> suggestions on preventative measures to ensure this kind of attack does not

>>>>>> reoccur. That situation prompted me to write this paper to an understanding of

>>>>>> rootkits and its effects. This paper will also discuss how to monitor for a

>>>>>> rootkit, and the steps that need to be taken to remove one.

>>>>>>

>>>>> I never said that a firewall wasn't necessary. Ubuntu comes with one built-in. I

>>>>> would also recommend a router hard firewall.

>>>> "Use Ubuntu and never worry about a virus, root kit or any other malware." -Alias

>>>>

>>>> You said "never", you were wrong.

>>>>

>>>> "Absolute truth" is for absolute fools.

>>>>

>>>>

>>>> -Michael

>>> Is there an echo in here?

>> Only the echoes of your foolish nonsense.

>>

>>> If one has Ubuntu that comes with a firewall

>> So does Vista.

>>

>>> and a router with a firewall how, pray tell, will anyone install a root kit?

>> You never stated that in your original reply.

>>

>> "Use Ubuntu and never worry about a virus, root kit or any other malware." -Alias

>>

>> I see no mention of using additional security measures.

>>

>> Now you bring up the "ifs". If a Window user properly secures their machine, they will

>> not suffer from rootkits, either.

>>

>> Amazing that there are programs for Linux rootkit removal when there are no Linux machines

>> getting infected.

>>

>> Amazing such warnings, as the below, exist if no Linux users were being infected.

>>

>> http://www.juniper.net/security/auto/vulnerabilities/vuln734.html Severity: HIGH

>> Description: The Satori Linux Rootkit is a collection of publicly available Trojan

>> utilities that target Linux systems. It is also known as Linux Rootkit 4 and is

>> distributed by The Crackers Layer.

>

> Please, at least try and stay current. Linux Rootkit IV was released in November 26,

> 1998!!!! Really had to scratch around the Net to find one?

>

> http://www.ossec.net/rootkits/studies/lrk5.txt

 

My problem with Alias is that he spoke in absolute terms,

as if it was impossible for Linux to be infected by viruses,

trojans, worms, or rootkits... he was wrong.

 

The fact that there haven't been many major efforts at creating Linux worms

isn't proof that they are impossible.

 

http://www.ossec.net/rootkits/

 

http://searchenterpriselinux.techtarget.com/qna/0,289202,sid39_gci954631,00.html

They may not have the infamy of Code Red and Nimda, but there are Linux viruses and worms in

the wild. Here are some of the more infamous pieces of malicious code that have a taste for Linux:

 

Slapper: The most dangerous Linux worm it's network-aware and in August 2002 it exploited a

flaw in OpenSSL libraries in Apache servers with OpenSSL enabled.

 

Bliss: Also a well-known bug, it infects ELF executables, locating binaries with write access

and overwrites those with its own code.

 

Lindose: A rare cross-platform scourge, able to jump Windows PE and Linux ELF executables. It's

a proof-of-concept worm and has not hit the wild.

 

Ramen: Not just a noodle, another network-aware worm jumping from Linux server to server.

 

Staog: Considered the first Linux virus, it infects ELF executables.

 

Typot: A Linux Trojan that does distributed port scanning, generating TCP packets

with a window size of 55808.

-------------------------

http://www.linuxquestions.org/questions/showthread.php?t=399624

 

http://secunia.com/search/?adv_search=1&s=1&search=linux&w=2&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

 

http://secunia.com/search/?adv_search=1&s=1&search=linux&w=1&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

Alias

You need to read my post again.

This time read the entire post instead of selectively.

 

Like I said...

What do you base your standard?

 

--

Jupiter Jones [MVP]

http://www3.telus.net/dandemar

http://www.dts-l.org

 

 

"Alias" <aka@maskedandanonymous.info> wrote in message

news:%23zRvVpyvHHA.4132@TK2MSFTNGP02.phx.gbl...

> Like I said, a double standard. If I defended Windows as much as

> Frank does, you wouldn't have said squat.

>

> Alias

* Alias:

> MICHAEL wrote:

>> * Alias:

>>> Frank wrote:

>>>> Alias wrote:

>>>>

>>>>> Kerry Brown wrote:

>>>>>

>>>>>> "Alias" <aka@maskedandanonymous.info> wrote in message

>>>>>> news:u9nl1pvvHHA.3588@TK2MSFTNGP06.phx.gbl...

>>>>>>

>>>>>>> Back to the present. Use Ubuntu and never worry about a virus, root

>>>>>>> kit or any other malware. http://www.ubuntu.com/

>>>>>>>

>>>>>>> Alias

>>>>>> Where do you think the term "root kit" came from? Is there a root

>>>>>> user in Windows?

>>>>>>

>>>>> Hence the need for a firewall which Ubuntu provides. Oops.

>>>>>

>>>>> Alias

>>>> Oops...Oops...Oops...could you possibly shove your feet any further down

>>>> your throat?

>>> Um, I never said a firewall wasn't necessary and thinking about it isn't

>>> either being as it comes bundled with Ubuntu.

>> Vista also comes with a firewall.

>>

>>>> Try harder!

>>>> Oops!

>>>> You're a real side show freak.

>>>> Frank

>> I removed your other remark about Frank,

>> you should remove the post.

>>

>> I would have thought such was not even possible from you.

>>

>>

>> -Michael

>

> Let's see. Frank lies about me and says I am a side show freak and a

> fugitive and you say nothing. I strike back and you have a hissy fit.

 

Little man, you are not worth any type of "fit".

 

It's simple, you crossed the line.

 

I'm done with you. No promises, just simple fact.

 

 

-Michael

It is a concern for Windows users too.. it is possible for a Windows

computer to spread stuff in the same way, all without user knowledge.. this

is why we advocate the use of as much security as possible..

 

If a single system is infected and that is where it ends, it can be cleaned

out easily enough.. where a virus or trojan is designed to send out data

specifically to induce as many computers as possible to spew out endless

e-mails with a view to clogging up the internet and internal networks, that

is a very serious problem indeed, especially where it is happening on a

system platform that the user thinks is not affected by virus, trojan,

rootkits et al..

 

 

"norm" <noone@afakeddomain.net> wrote in message

news:eA$8qsyvHHA.4516@TK2MSFTNGP06.phx.gbl...

> Mike Hall - MVP wrote:

>> Alias

>>

>> You are way too smug regarding how safe you believe Linux/Unix to be..

>>

>> One of the articles below explains how a Linux system can be a virus

>> carrier without the user ever knowing.. this situation is every bit as

>> bad as a Windows system that has been breached.. the others are from

>> different years, but all alerting to the fact that Linux/Unix and MAC are

>> not 100% virus immune..

>>

>> I have yet to come across a 'true' Linux professional who would put their

>> name to the misleading claims made by you.. your anti-MS stance is

>> blinding you to the realities of ANY OS.. that makes you dangerous..

>

> I agree that the blind advocacy is harmful and that nothing is 100%

> guaranteed, but in terms of having and using virus scanners and such on

> linux, there seems to be little concern about viruses/worms and other

> malware in terms of linux becoming infected, and doing any real damage to

> the os itself and then actually passing itself along. It seems more the

> issue of a linux user passing along unknowingly something that has no

> effect on linux but would be a problem with windows. An example might be

> any number of email transmitted viruses/worm malware that could be clicked

> all day or run through a linux machine without issue, but could be passed

> along on a forwarded email to do damage on a windows machine. In such a

> case, anti-virus/anti-malware programs would not be a waste on linux. I

> know this is an oversimplification, but it seems to be a larger concern at

> this point, anyway.

>>

>>

>> "Alias" <aka@maskedandanonymous.info> wrote in message

>> news:eS2gVRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

>>> Richard Urban wrote:

>>>> Alias doesn't know about the history of his operating system of choice

>>>> to know that rootkits were developed for Unix and are 100% effective in

>>>> Linux/Ubuntu.

>>>>

>>>

>>> Yet there are no reports of this possibility happening so go figure.

>>>

>>> Alias

>>

>

>

> --

> norm

 

--

 

 

Mike Hall

MS MVP Windows Shell/User

http://msmvps.com/blogs/mikehall/

Alias wrote:

> Frank wrote:

>

>> Alias wrote:

>>

>>> Frank wrote:

>>>

>>>> Alias wrote:

>>>>

>>>>> Frank wrote:

>>>>>

>>>>>> Alias wrote:

>>>>>>

>>>>>>

>>>>>>>

>>>>>>> Got proof? Didn't think so.

>>>>>>>

>>>>>>

>>>>>> ----------------------------------

>>>>>> Got proof it is? Didn't think so?

>>>>>> You're pathetic!

>>>>>> Frank

>>>>>

>>>>>

>>>>>

>>>>>

>>>>> Um, insults and a lack of reading comprehension on your part do not

>>>>> qualify as proof.

>>>>>

>>>>> Alias

>>>>

>>>>

>>>> --------------------------

>>>>

>>>> How stupid can one person be? hahaha...no need to ask. Hey butt

>>>> munch, prove your statement or STFU!

>>>> Frank

>>>

>>>

>>>

>>> Um, insults and a lack of reading comprehension on your part do not

>>> qualify as proof.

>>>

>>> Alias

>>

>>

>> Stop back pedaling bozo and just provide the proof...or else crawl back

>> under that rock you keep coming out from under and stay there!

>> Frank

>

>

> You need to provide the proof, not me.

>

> Alias

 

Uhhh...are you dumber than dumb...you're the one making the

claim...prove it or look like the fool you really are.

Frank

Alias wrote:

> Frank wrote:

>

>> Alias wrote:

>>

>>

>>>

>>>

>>> Word has it that you're a pedophile.

>>

>>

>> ------------------------------------------------

>>

>> Sorry pal not my bag but it appears the guilt of your sins can't keep

>> your mouth shut, huh?

>> You are a admitted pedophile.

>> That's why you won't use your real name.

>> You've got wants & warrants out for you for molesting children in the

>> USA!

>> They tolerate that crap in spain?

>> I hope the parents or relatives of the kids you're molesting catch you

>> and beat your slim ball a*s to near death.

>> You are a real side show freak!

>> Pathetic...you're absolutely a pathetic human being!

>> Frank

>

>

> Projecting will get you nowhere.

>

> Alias

 

I only hope the authorities get you real soon, you sick POS!

Frank

Mike Hall - MVP wrote:

> Unfortunately, Windows bigots are every bit as misleading as Linux bigots..

>

> The common denominator here is the term 'bigot'..

>

>

> "Alias" <aka@maskedandanonymous.info> wrote in message

> news:ueAguRwvHHA.3468@TK2MSFTNGP05.phx.gbl...

>

 

OIC, you are just as misleading as a linux bigot. Makes sense.

 

--

Priceless quotes in m.p.w.vista.general group:

http://protectfreedom.tripod.com/kick.html

 

Most recent idiotic quote added to KICK (Klassic Idiotic Caption Kooks):

"They hacked the Microsoft website to make it think a linux box was a

windows box. Thats called hacking. People who do hacking are called

hackers."

 

"Good poets borrow great poets steal."

- T. S. Eliot

Adam Albright wrote:

> On Thu, 5 Jul 2007 09:35:52 -0400, "Richard Urban"

> <richardurbanREMOVETHIS@hotmail.com> wrote:

>

>> Alias will refuse to believe "any" of this. He has placed his head where the

>> sun doesn't shine.

>

> I don't take anything you say seriously and do wonder how you became a

> MVP since I haven't seen you demonstrate even minimal technical

> knowledge on any topic yet. Who are you trying to fool Richie?

>

 

His name is Dick.

 

--

Priceless quotes in m.p.w.vista.general group:

http://protectfreedom.tripod.com/kick.html

 

Most recent idiotic quote added to KICK (Klassic Idiotic Caption Kooks):

"They hacked the Microsoft website to make it think a linux box was a

windows box. Thats called hacking. People who do hacking are called

hackers."

 

"Good poets borrow great poets steal."

- T. S. Eliot

Obviously this (latest one on June 06 2007 below and many more only for Ubuntu alone and not counting all the other Linux flavors) is not advertised by the Linux groups. But if you go to the Ubuntu forum there are quite a few that got hit by this. Using Paypal will get you to the proper Linux support to fix the problem. Paypal is Linux's best friend. At the end what is cheaper and more reliable.

 

I have Red Hat installed and believe me it is not free to run even though it is a free download

 

There is nothing that is free today. The same goes for Linux. Have an issue and need a fix it will cost you money. What is cheaper to run, well, hard to say. They are both about the same in costs one way or another.

------------------------------------------------------------------------------------------------------------------------------------------------

Wed, 2007-06-27 00:01. usn

Referenced CVEs:

CVE-2007-2442, CVE-2007-2443, CVE-2007-2798

Description:

===========================================================
Ubuntu Security Notice USN-477-1 June 26, 2007
krb5 vulnerabilities
CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libkadm55 1.4.3-5ubuntu0.4
Ubuntu 6.10: libkadm55 1.4.3-9ubuntu1.3
Ubuntu 7.04: libkadm55 1.4.4-5ubuntu3.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. (CVE-2007-2442)

Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. (CVE-2007-2443)

It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges. (CVE-2007-2798)

 

--

Peter

 

Please Reply to Newsgroup for the benefit of others

Requests for assistance by email can not and will not be acknowledged.

 

"Alias" <aka@maskedandanonymous.info> wrote in message news:%23TkgeoxvHHA.2040@TK2MSFTNGP03.phx.gbl...

> Mike Hall - MVP wrote:

>> Because the user gives it permission, albeit unwittingly? How do you

>> think systems get infected?

>

> There are many ways that Windows boxes get infected.

>

>>

>> Re proof, two of us have provided reading material from Linux sources..

>> can you not read and comprehend them?

>

> Yeah, but no one case was cited.

>

> Alias, still waiting for proof, not theories.

>>

>>

>> "Alias" <aka@maskedandanonymous.info> wrote in message

>> news:uxAiWXxvHHA.4384@TK2MSFTNGP02.phx.gbl...

>>> MICHAEL wrote:

>>>>

>>>> * Alias:

>>>>> MICHAEL wrote:

>>>>>> * Alias:

>>>>>>> Back to the present. Use Ubuntu and never worry about a virus,

>>>>>>> root kit or any other

>>>>>>> malware. http://www.ubuntu.com/

>>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php

>>>>>> Linux RootKits For Beginners - From Prevention to Removal

>>>>>>

>>>>>> One day while reading a mail list for the Linux Users Group in my

>>>>>> hometown I discovered a call

>>>>>> for help. It was a posting from a novice Linux user with a

>>>>>> disturbing issue. While doing some

>>>>>> routine checks on a Linux system, he found a user that had been

>>>>>> added to the system with the

>>>>>> user id of 0 (root). His first thought was that it might be a

>>>>>> rootkit. He wanted to know what

>>>>>> he could do to verify it was a rootkit and how to remove it from

>>>>>> the system. He further asked

>>>>>> for suggestions on preventative measures to ensure this kind of

>>>>>> attack does not reoccur. That

>>>>>> situation prompted me to write this paper to an understanding of

>>>>>> rootkits and its effects. This

>>>>>> paper will also discuss how to monitor for a rootkit, and the steps

>>>>>> that need to be taken to

>>>>>> remove one.

>>>>>>

>>>>> I never said that a firewall wasn't necessary. Ubuntu comes with one

>>>>> built-in. I would also recommend a router hard firewall.

>>>>

>>>> "Use Ubuntu and never worry about a virus, root kit

>>>> or any other malware." -Alias

>>>>

>>>> You said "never", you were wrong.

>>>>

>>>> "Absolute truth" is for absolute fools.

>>>>

>>>>

>>>> -Michael

>>>

>>> Is there an echo in here? If one has Ubuntu that comes with a firewall

>>> and a router with a firewall how, pray tell, will anyone install a

>>> root kit?

>>>

>>> Alias

>>

On Thu, 05 Jul 2007 13:09:59 -0400, Mike Hall - MVP wrote:

> Look over yonder.. is that hell I see freezing over?

>

> I can just see whoever allowing us to open up a driver file for a two year

> old product and remove the part where it says 'XP only'.. or removing the OS

> specific identifier for a program that allows the burning of CDs.. far

> better we look online or on the racks of our favorite retailer for 'new'

> stuff..

 

I wasn't necessarily referring to older products. Brand new devices suffer

from the same problem, such as this very new HP Pavilion sitting on my

desk where I am right now messing with it to get the stupid Broadcom

wireless running since Broadcom absolutely refuses to release linux

drivers.

 

The thing about it is, they don't need to release drivers. They don't even

need to support any OS other than windows. A simple document that explains

how to communicate with their hardware would be enough...and people like

me wouldn't take their business elsewhere in the future.

 

I haven't gotten around to buying an Intel wireless card for this laptop

yet.

 

--

Stephan

2003 Yamaha R6

 

The reason there is no day when I remember you

is that there is never a time when I have forgotten you

Re: How can Microsoft be proud to market this drivel - Just FYI

 

Why would he want to like Microsoft a lot better? Earth to Kevin: Windows

Server is for business users NOT for desktop users. If he has an issue with

Vista he can correct it. Just FYI. If it can't be corrected then he

should go back to XP. Just FYI. This isn't rocket science. Just FYI.

 

Your only help is, wipe out your system and install a Beta version of a

server product. Just FYI. Pretty smart there USPS boy. Just FYI. What

happens when the Beta expires? Just FYI.

 

Should he upgrade to the Server RTM and pay double for the software? Just

FYI.

 

How about antivirus? Just FYI. The server versions are more expensive

than the client versions. Just FYI.

 

Get a clue Kevin, Just FYI.

 

By the way, do I have enough FYI's for you? Just FYI.

 

 

"Kevin John Panzke" <kevpan815@hotmail.com> wrote in message

news:ey$H93xvHHA.5008@TK2MSFTNGP05.phx.gbl...

> Try Out Windows Server 2008 Beta 3 Public Beta, And You Will Like

> Microsoft A Whole Lot Better.

>

> "DanielN" <DanielN@discussions.microsoft.com> wrote in message

> news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

>> Hi People,

>>

>> I have been a computer engineer for around 7 years professionally with

>> around 7 years prior to that self teaching myself all I could about

>> Windows.

>> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

>> qualified as well.

>>

>> I have used Vista only a couple of times although getting a very bad

>> feeling

>> about it having read many bad things and experiencing some worrying

>> things

>> like it takes more time for vista to spawn and animate the copying file

>> dialog than it does for say windows xp to even have copied the file

>> already.

>> this is only minor though.

>>

>> Today one of my customers who has a vista machine (I don't) got in touch

>> saying windows was bringing up an error saying that:

>>

>> 'Windows explorer has stopped working' and then 'Windows explorer is

>> restarting.'

>>

>> Now I know there is a virus/spyware/adware on it. cause I can see an icon

>> for counterfeit antispyware.

>>

>> the problem is even if I go into safe mode to clean it (remove program and

>> run scans of various kinds) which would have worked pretty much most of

>> the

>> time in previous versions of windows doesn't work cause you have the same

>> problem.

>>

>> I am getting the feeling MS have screwed up with Vista like they did with

>> Windows ME.

>>

>>

>> I am shocked that years down the line after ME and I am sure MS knew what

>> the score was with ME. They have managed to do it again. They should have

>> stuck with XP - perhaps brought out some addons/updates if they really

>> thought people were desperate for new stuff, and put in some serious work

>> into Vienna. I have heard that there were so many problems with Vista

>> they

>> enlisted the help of the Vienna development team to help fix stuff.

>> Obviously

>> there was too much to fix.

>>

>> Now I have had my little rant. Maybe MS will sort this.

>>

>> My advice demand Win XP Pro on new machines. Do not be told that u must

>> have

>> Vista cause it is the best around.

>>

>> Dan

>>

>> Ps. I have also had a customer have a problem authenticating with a WPA

>> encrypted wireless network as well. Which turned out to be an

>> incompatibility

>> between the wireless card and Vista even though the wireless card was

>> built

>> into the laptop and it had a logo saying it was certified for Vista, and

>> this

>> was a big OEM's laptop. So what hope is there!

>

MICHAEL wrote:

>

> * Mr. Happy:

>> MICHAEL wrote:

>>

>>> * Alias:

>>>> MICHAEL wrote:

>>>>> * Alias:

>>>>>> MICHAEL wrote:

>>>>>>> * Alias:

>>>>>>>> Back to the present. Use Ubuntu and never worry about a virus, root kit or any

>>>>>>>> other malware. http://www.ubuntu.com/

>>>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php Linux RootKits For

>>>>>>> Beginners - From Prevention to Removal

>>>>>>>

>>>>>>> One day while reading a mail list for the Linux Users Group in my hometown I

>>>>>>> discovered a call for help. It was a posting from a novice Linux user with a

>>>>>>> disturbing issue. While doing some routine checks on a Linux system, he found a

>>>>>>> user that had been added to the system with the user id of 0 (root). His first

>>>>>>> thought was that it might be a rootkit. He wanted to know what he could do to

>>>>>>> verify it was a rootkit and how to remove it from the system. He further asked for

>>>>>>> suggestions on preventative measures to ensure this kind of attack does not

>>>>>>> reoccur. That situation prompted me to write this paper to an understanding of

>>>>>>> rootkits and its effects. This paper will also discuss how to monitor for a

>>>>>>> rootkit, and the steps that need to be taken to remove one.

>>>>>>>

>>>>>> I never said that a firewall wasn't necessary. Ubuntu comes with one built-in. I

>>>>>> would also recommend a router hard firewall.

>>>>> "Use Ubuntu and never worry about a virus, root kit or any other malware." -Alias

>>>>>

>>>>> You said "never", you were wrong.

>>>>>

>>>>> "Absolute truth" is for absolute fools.

>>>>>

>>>>>

>>>>> -Michael

>>>> Is there an echo in here?

>>> Only the echoes of your foolish nonsense.

>>>

>>>> If one has Ubuntu that comes with a firewall

>>> So does Vista.

>>>

>>>> and a router with a firewall how, pray tell, will anyone install a root kit?

>>> You never stated that in your original reply.

>>>

>>> "Use Ubuntu and never worry about a virus, root kit or any other malware." -Alias

>>>

>>> I see no mention of using additional security measures.

>>>

>>> Now you bring up the "ifs". If a Windows user properly secures their machine, they will

>>> not suffer from rootkits, either.

>>>

>>> Amazing that there are programs for Linux rootkit removal when there are no Linux machines

>>> getting infected.

>>>

>>> Amazing such warnings, as the below, exist if no Linux users were being infected.

>>>

>>> http://www.juniper.net/security/auto/vulnerabilities/vuln734.html Severity: HIGH

>>> Description: The Satori Linux Rootkit is a collection of publicly available Trojan

>>> utilities that target Linux systems. It is also known as Linux Rootkit 4 and is

>>> distributed by The Crackers Layer.

>> Please, at least try and stay current. Linux Rootkit IV was released in November 26,

>> 1998!!!! Really had to scratch around the Net to find one?

>>

>> http://www.ossec.net/rootkits/studies/lrk5.txt

>

> My problem with Alias is that he spoke in absolute terms,

> as if it was impossible for Linux to be infected by viruses,

> trojans, worms, or rootkits... he was wrong.

>

> The fact that there haven't been many major efforts at creating Linux worms

> isn't proof that they are impossible.

>

> http://www.ossec.net/rootkits/

>

> http://searchenterpriselinux.techtarget.com/qna/0,289202,sid39_gci954631,00.html

> They may not have the infamy of Code Red and Nimda, but there are Linux viruses and worms in

> the wild. Here are some of the more infamous pieces of malicious code that have a taste for Linux:

 

Your point is well taken (and should be by everyone), but in reading the

info you provided below, one would think the world was falling in on

linux. That is not exactly the case, and is not the case now.

>

> Slapper: The most dangerous Linux worm it's network-aware and in August 2002 it exploited a

> flaw in OpenSSL libraries in Apache servers with OpenSSL enabled.

http://news.com.com/2100-1001-958758.html

A Linux worm that started spreading a week ago has reached a plateau

after infecting about 7,000 servers and turning the hosts into a

peer-to-peer network that could be used to attack other computers.

Known as Linux.Slapper.Worm, Slapper and Apache/mod_ssl, the worm's

spread has fallen far short of the biggest attackers in recent times.

For example, Code Red infected 400,000 servers last summer. And

according to the "National Strategy to Secure Cyberspace," the Nimda

virus compromised 86,000 systems last fall.

Perhaps most telling, security experts are already talking about Slapper

in the past tense.

"I thought it was very interesting, but it didn't do terribly much,"

said Roger Thompson, director of malicious code research at security

services company TruSecure.

>

> Bliss: Also a well-known bug, it infects ELF executables, locating binaries with write access

> and overwrites those with its own code.

http://en.wikipedia.org/wiki/Bliss_(virus)

Bliss is a computer virus that infects GNU/Linux systems. Its source

code was posted on a Usenet usergroup by its author on February 5, 1997.

When executed, it attempts to attach itself to Linux executable files,

to which regular users do not have access. This prevents the executables

from running, so users notice it immediately. Although it was probably

intended to prove that Linux can be infected, it does not propagate very

effectively because of the structure of Linux's user privilege system.

The Bliss virus never became widespread, and remains chiefly a research

curiosity.

When the Bliss virus was released, antivirus software vendors put out a

number of press releases about it. The claim was that since a "Linux

virus" existed, Linux users should buy antivirus software. Linux users

generally do not use antivirus software, except on servers that serve

files to Windows clients.

It writes a neat log of all its actions to /tmp/.bliss and even has a

--bliss-uninfect-files-please command line option that sometimes might

come in handy, and actually does what it promises.

>

> Lindose: A rare cross-platform scourge, able to jump Windows PE and Linux ELF executables. It's

> a proof-of-concept worm and has not hit the wild.

http://www.viruslist.com/en/viruses/encyclopedia?virusid=57567

Virus.Multi.Pelf.2132

Aliases

Virus.Multi.Pelf.2132 (Kaspersky Lab) is also known as: Pelf.2132

(Kaspersky Lab), Linux/Lindose (McAfee), W32.Peelf.2132 (Symantec),

Win32/Linux.Benny.2132 (Doctor Web), Linux/Lindose (Sophos),

Linux/Lindose.2132.A (RAV), ELF_LINDOSE.A (Trend Micro), W32/Winux

(H+BEDV), Unix/Lindose (FRISK), Win32:Lindose (ALWIL),

Win32/Lindose (Grisoft), Linux.PEELF.2132 (SOFTWIN), W32.Winux

(ClamAV), ELF/Winux.2784 (Panda), Elf/Lindose.2132 (Eset)

Description added Mar 28 2001

Behavior Virus

Technical details

(aka Lindose)

This is a harmless non-memory resident parasitic multipartite virus. It

infects Windows executable files as well as Linux ones (Windows PE files

and Linux ELF files).

The virus is written in Assembler, and is about 2.5 Kb in size. It does

not manifest itself in any way, and it is like a multiplatform

Windows-Linux virus concept.

>

> Ramen: Not just a noodle, another network-aware worm jumping from Linux server to server.

http://www.ciac.org/ciac/bulletins/l-040.shtml

L-040: The Ramen Worm

February 2, 2001 21:00 GMT

PROBLEM: A Linux worm named 'Ramen' has been detected in the wild. CIAC

has had reports of compromised systems and numerous scans.

PLATFORM: Redhat Linux 6.2 and 7.0

DAMAGE: Ramen automatically attacks all vulnerable systems it can find.

Intruders can gain root access to vulnerable systems.

SOLUTION: This worm exploits known vulnerabilities in wu-ftpd, LPRng,

and rpc.statd. These services should be patched immediately. Patches are

available from Red Hat.

VULNERABILITY

ASSESSMENT: The risk is HIGH - The worm is in the wild and is being

actively used to exploit vulnerable systems.

CIAC, CERT, and others are receiving reports of systems compromised by

the Ramen Worm. The worm is in the wild and performs fully automated

breakins to vulnerable systems. As it is fully automated, it continues

to attack systems until all running copies are found and stopped.

Rebooting systems does not stop the worm as it installs code to

automatically restart itself after a reboot.

The binaries contained in the worm are specific to Linux 6.2 and 7.0.

However, someone with access to the source code for the binaries could

recompile them under other versions of UNIX to attack other platforms.

As far as we know, the source code for the binaries is not yet in the wild.

>

> Staog: Considered the first Linux virus, it infects ELF executables.

http://en.wikipedia.org/wiki/Staog

Staog was the first computer virus written for the Linux operating

system. It was discovered in the fall of 1996, and the vulnerabilities

that it exploited were shored up soon after. It has not been detected in

the wild since its initial outbreak.

Staog was able to infect Linux despite its security-oriented design

which requires users and programs to login as root before any drastic

operations can be taken. It worked by exploiting some kernel

vulnerabilities to stay resident. Then, it would infect executed binaries.

Since it relied on fundamental bugs, software upgrades made systems

immune to Staog. This, combined with its shot in the dark method of

transmitting itself, ensured that it died off rather quickly.

>

> Typot: A Linux Trojan that does distributed port scanning, generating TCP packets

> with a window size of 55808.

http://www.symantec.com/security_response/writeup.jsp?docid=2003-062018-4739-99

Trojan.Linux.Typot

Risk Level 1: Very Low

Discovered: June 20, 2003

Updated: February 13, 2007 12:02:46 PM

Also Known As: 55808, Stumbler

Type: Trojan Horse

Systems Affected: Linux

Trojan.Linux.Typot is a Trojan Horse that affects Linux systems. It

generates TCP packets with a window size of 55,808.

Protection

* Initial Rapid Release version June 23, 2003

* Latest Rapid Release version June 23, 2003

* Initial Daily Certified version June 23, 2003

* Latest Daily Certified version June 23, 2003

* Initial Weekly Certified release date June 25, 2003


Threat Assessment

Wild

* Wild Level: Low

* Number of Infections: 0 - 49

* Number of Sites: 0 - 2

* Geographical Distribution: Low

* Threat Containment: Easy

* Removal: Easy

Damage

* Damage Level: Low

Distribution

* Distribution Level: Low

> -------------------------

> http://www.linuxquestions.org/questions/showthread.php?t=399624

>

> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=2&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

>

> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=1&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

 

 

--

norm
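The Symantec write-up quoted in the post above gives one concrete network indicator for Typot: TCP packets with a window size of 55808. The following is an added example, not part of any post in this thread, that parses raw IPv4 packets and flags sources sending that window size; the function names, the per-source grouping and the sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

TYPOT_WINDOW = 55808  # window size stated in the quoted Symantec write-up


def tcp_fields(packet):
    """Parse a raw IPv4 packet; return (src, dst, dport, window) or None.

    None is returned for anything that does not carry a complete TCP header:
    non-IPv4, non-TCP, non-first fragments and truncated captures.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IP header length, options included
    if ihl < 20 or packet[9] != 6:        # protocol 6 = TCP
        return None
    if struct.unpack_from("!H", packet, 6)[0] & 0x1FFF:
        return None                       # later fragment: no TCP header here
    if len(packet) < ihl + 20:
        return None                       # truncated before the TCP header ends
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    (dport,) = struct.unpack_from("!H", packet, ihl + 2)
    (window,) = struct.unpack_from("!H", packet, ihl + 14)
    return src, dst, dport, window


def typot_candidates(packets, min_targets=2):
    """Map source IP -> number of distinct (dst, port) pairs hit with the
    55808 window. Grouping by source is a choice made for this example; a
    single packet with this window can be legitimate, so treat hits as leads."""
    targets = defaultdict(set)
    for pkt in packets:
        fields = tcp_fields(pkt)
        if fields and fields[3] == TYPOT_WINDOW:
            targets[fields[0]].add((fields[1], fields[2]))
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}


def build_packet(src, dst, sport, dport, window, ip_options=b"", proto=6):
    """Construct a sample packet (checksums left at zero; test data only)."""
    ihl_words = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + 20, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + ip_options
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02,
                      window, 0, 0)
    return ip + tcp


# Constructed sample traffic, not taken from any real capture.
SAMPLE = [
    build_packet("10.0.0.5", "192.0.2.10", 40000, 22, 55808),
    build_packet("10.0.0.5", "192.0.2.10", 40001, 80, 55808),
    build_packet("10.0.0.5", "192.0.2.11", 40002, 443, 55808),
    build_packet("10.0.0.7", "192.0.2.10", 40003, 80, 65535),
    build_packet("10.0.0.9", "192.0.2.10", 40004, 25, 55808,
                 ip_options=b"\x01\x01\x01\x01"),           # IHL = 6 words
    build_packet("10.0.0.5", "192.0.2.12", 40005, 53, 55808, proto=17),
    build_packet("10.0.0.5", "192.0.2.13", 40006, 21, 55808)[:30],  # truncated
]

if __name__ == "__main__":
    for source, count in typot_candidates(SAMPLE).items():
        print(f"{source}: window {TYPOT_WINDOW} sent to {count} targets")
```
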

> Alias doesn't know

 

Nuff Said.

 

Mike

"Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote:

>Using your thinking we should have stayed with Windows 3.1 because people

>didn't hardly ever get any viruses using that system.

 

ahhh, the good old days before the registry, when you could actually

fix stuff by editing .ini files, and programs didn't spray files all

over the place...

 

 

--

 

Whenever I dwell for any length of time on my own shortcomings,

they gradually begin to seem mild, harmless, rather engaging little things,

not at all like the staring defects in other people's characters.

 

....Margaret Halsey

norm wrote:

> MICHAEL wrote:

>

>>

>> * Mr. Happy:

>>

>>> MICHAEL wrote:

>>>

>>>> * Alias:

>>>>

>>>>> MICHAEL wrote:

>>>>>

>>>>>> * Alias:

>>>>>>

>>>>>>> MICHAEL wrote:

>>>>>>>

>>>>>>>> * Alias:

>>>>>>>>

>>>>>>>>> Back to the present. Use Ubuntu and never worry about a virus,

>>>>>>>>> root kit or any other malware. http://www.ubuntu.com/

>>>>>>>>

>>>>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php Linux

>>>>>>>> RootKits For Beginners - From Prevention to Removal

>>>>>>>>

>>>>>>>> One day while reading a mail list for the Linux Users Group in

>>>>>>>> my hometown I discovered a call for help. It was a posting from

>>>>>>>> a novice Linux user with a disturbing issue. While doing some

>>>>>>>> routine checks on a Linux system, he found a user that had been

>>>>>>>> added to the system with the user id of 0 (root). His first

>>>>>>>> thought was that it might be a rootkit. He wanted to know what

>>>>>>>> he could do to verify it was a rootkit and how to remove it from

>>>>>>>> the system. He further asked for

>>>>>>>> suggestions on preventative measures to ensure this kind of

>>>>>>>> attack does not reoccur. That situation prompted me to write

>>>>>>>> this paper to an understanding of rootkits and its effects. This

>>>>>>>> paper will also discuss how to monitor for a rootkit, and the

>>>>>>>> steps that need to be taken to remove one.

>>>>>>>>

>>>>>>> I never said that a firewall wasn't necessary. Ubuntu comes with

>>>>>>> one built-in. I would also recommend a router hard firewall.

>>>>>>

>>>>>> "Use Ubuntu and never worry about a virus, root kit or any other

>>>>>> malware." -Alias

>>>>>>

>>>>>> You said "never", you were wrong.

>>>>>>

>>>>>> "Absolute truth" is for absolute fools.

>>>>>>

>>>>>>

>>>>>> -Michael

>>>>>

>>>>> Is there an echo in here?

>>>>

>>>> Only the echoes of your foolish nonsense.

>>>>

>>>>> If one has Ubuntu that comes with a firewall

>>>>

>>>> So does Vista.

>>>>

>>>>> and a router with a firewall how, pray tell, will anyone install a

>>>>> root kit?

>>>>

>>>> You never stated that in your original reply.

>>>>

>>>> "Use Ubuntu and never worry about a virus, root kit or any other

>>>> malware." -Alias

>>>>

>>>> I see no mention of using additional security measures.

>>>>

>>>> Now you bring up the "ifs". If a Windows user properly secures their

>>>> machine, they will not suffer from rootkits, either.

>>>>

>>>> Amazing that there are programs for Linux rootkit removal when there

>>>> are no Linux machines

>>>> getting infected.

>>>>

>>>> Amazing such warnings, as the below, exist if no Linux users were

>>>> being infected.

>>>>

>>>> http://www.juniper.net/security/auto/vulnerabilities/vuln734.html

>>>> Severity: HIGH Description: The Satori Linux Rootkit is a collection

>>>> of publicly available Trojan utilities that target Linux systems. It

>>>> is also known as Linux Rootkit 4 and is distributed by The Crackers

>>>> Layer.

>>>

>>> Please, at least try and stay current. Linux Rootkit IV was released

>>> in November 26, 1998!!!! Really had to scratch around the Net to find

>>> one?

>>>

>>> http://www.ossec.net/rootkits/studies/lrk5.txt

>>

>>

>> My problem with Alias is that he spoke in absolute terms,

>> as if it was impossible for Linux to be infected by viruses,

>> trojans, worms, or rootkits... he was wrong.

>>

>> The fact that there haven't been many major efforts at creating Linux

>> worms

>> isn't proof that they are impossible.

>>

>> http://www.ossec.net/rootkits/

>>

>> http://searchenterpriselinux.techtarget.com/qna/0,289202,sid39_gci954631,00.html

>>

>> They may not have the infamy of Code Red and Nimda, but there are

>> Linux viruses and worms in

>> the wild. Here are some of the more infamous pieces of malicious code

>> that have a taste for Linux:

>

>

> Your point is well taken (and should be by everyone), but in reading the

> info you provided below, one would think the world was falling in on

> linux. That is not exactly the case, and is not the case now.

>

>>

>> Slapper: The most dangerous Linux worm it's network-aware and in

>> August 2002 it exploited a

>> flaw in OpenSSL libraries in Apache servers with OpenSSL enabled.

>

> http://news.com.com/2100-1001-958758.html

> A Linux worm that started spreading a week ago has reached a plateau

> after infecting about 7,000 servers and turning the hosts into a

> peer-to-peer network that could be used to attack other computers.

> Known as Linux.Slapper.Worm, Slapper and Apache/mod_ssl, the worm's

> spread has fallen far short of the biggest attackers in recent times.

> For example, Code Red infected 400,000 servers last summer. And

> according to the "National Strategy to Secure Cyberspace," the Nimda

> virus compromised 86,000 systems last fall.

> Perhaps most telling, security experts are already talking about Slapper

> in the past tense.

> "I thought it was very interesting, but it didn't do terribly much,"

> said Roger Thompson, director of malicious code research at security

> services company TruSecure.

>

>>

>> Bliss: Also a well-known bug, it infects ELF executables, locating

>> binaries with write access

>> and overwrites those with its own code.

>

> http://en.wikipedia.org/wiki/Bliss_(virus)

> Bliss is a computer virus that infects GNU/Linux systems. Its source

> code was posted on a Usenet usergroup by its author on February 5, 1997.

> When executed, it attempts to attach itself to Linux executable files,

> to which regular users do not have access. This prevents the executables

> from running, so users notice it immediately. Although it was probably

> intended to prove that Linux can be infected, it does not propagate very

> effectively because of the structure of Linux's user privilege system.

> The Bliss virus never became widespread, and remains chiefly a research

> curiosity.

> When the Bliss virus was released, antivirus software vendors put out a

> number of press releases about it. The claim was that since a "Linux

> virus" existed, Linux users should buy antivirus software. Linux users

> generally do not use antivirus software, except on servers that serve

> files to Windows clients.

> It writes a neat log of all its actions to /tmp/.bliss and even has a

> --bliss-uninfect-files-please command line option that sometimes might

> come in handy, and actually does what it promises.

>

>>

>> Lindose: A rare cross-platform scourge, able to jump Windows PE and

>> Linux ELF executables. It's

>> a proof-of-concept worm and has not hit the wild.

>

> http://www.viruslist.com/en/viruses/encyclopedia?virusid=57567

> Virus.Multi.Pelf.2132

> Aliases

> Virus.Multi.Pelf.2132 (Kaspersky Lab) is also known as: Pelf.2132

> (Kaspersky Lab), Linux/Lindose (McAfee), W32.Peelf.2132 (Symantec),

> Win32/Linux.Benny.2132 (Doctor Web), Linux/Lindose (Sophos),

> Linux/Lindose.2132.A (RAV), ELF_LINDOSE.A (Trend Micro), W32/Winux

> (H+BEDV), Unix/Lindose (FRISK), Win32:Lindose (ALWIL), Win32/Lindose

> (Grisoft), Linux.PEELF.2132 (SOFTWIN), W32.Winux (ClamAV),

> ELF/Winux.2784 (Panda), Elf/Lindose.2132 (Eset)

> Description added Mar 28 2001

> Behavior Virus

> Technical details

> (aka Lindose)

> This is a harmless non-memory resident parasitic multipartite virus. It

> infects Windows executable files as well as Linux ones (Windows PE files

> and Linux ELF files).

> The virus is written in Assembler, and is about 2.5 Kb in size. It does

> not manifest itself in any way, and it is like a multiplatform

> Windows-Linux virus concept.

>

>>

>> Ramen: Not just a noodle, another network-aware worm jumping from

>> Linux server to server.

>

> http://www.ciac.org/ciac/bulletins/l-040.shtml

> L-040: The Ramen Worm

> February 2, 2001 21:00 GMT

> PROBLEM: A Linux worm named 'Ramen' has been detected in the wild.

> CIAC has had reports of compromised systems and numerous scans.

> PLATFORM: Redhat Linux 6.2 and 7.0

> DAMAGE: Ramen automatically attacks all vulnerable systems it can

> find. Intruders can gain root access to vulnerable systems.

> SOLUTION: This worm exploits known vulnerabilities in wu-ftpd,

> LPRng, and rpc.statd. These services should be patched immediately.

> Patches are available from Red Hat.

> VULNERABILITY

> ASSESSMENT: The risk is HIGH - The worm is in the wild and is being

> actively used to exploit vulnerable systems.

> CIAC, CERT, and others are receiving reports of systems compromised by

> the Ramen Worm. The worm is in the wild and performs fully automated

> breakins to vulnerable systems. As it is fully automated, it continues

> to attack systems until all running copies are found and stopped.

> Rebooting systems does not stop the worm as it installs code to

> automatically restart itself after a reboot.

> The binaries contained in the worm are specific to Linux 6.2 and 7.0.

> However, someone with access to the source code for the binaries could

> recompile them under other versions of UNIX to attack other platforms.

> As far as we know, the source code for the binaries is not yet in the wild.

>

>>

>> Staog: Considered the first Linux virus, it infects ELF executables.

>

> http://en.wikipedia.org/wiki/Staog

> Staog was the first computer virus written for the Linux operating

> system. It was discovered in the fall of 1996, and the vulnerabilities

> that it exploited were shored up soon after. It has not been detected in

> the wild since its initial outbreak.

> Staog was able to infect Linux despite its security-oriented design

> which requires users and programs to login as root before any drastic

> operations can be taken. It worked by exploiting some kernel

> vulnerabilities to stay resident. Then, it would infect executed binaries.

> Since it relied on fundamental bugs, software upgrades made systems

> immune to Staog. This, combined with its shot in the dark method of

> transmitting itself, ensured that it died off rather quickly.

>

>>

>> Typot: A Linux Trojan that does distributed port scanning, generating

>> TCP packets

>> with a window size of 55808.

>

> http://www.symantec.com/security_response/writeup.jsp?docid=2003-062018-4739-99

>

> Trojan.Linux.Typot

> Risk Level 1: Very Low

> Discovered: June 20, 2003

> Updated: February 13, 2007 12:02:46 PM

> Also Known As: 55808, Stumbler

> Type: Trojan Horse

> Systems Affected: Linux

> Trojan.Linux.Typot is a Trojan Horse that affects Linux systems. It

> generates TCP packets with a window size of 55,808.

> Protection

> * Initial Rapid Release version June 23, 2003

> * Latest Rapid Release version June 23, 2003

> * Initial Daily Certified version June 23, 2003

> * Latest Daily Certified version June 23, 2003

> * Initial Weekly Certified release date June 25, 2003


> Threat Assessment

> Wild

> * Wild Level: Low

> * Number of Infections: 0 - 49

> * Number of Sites: 0 - 2

> * Geographical Distribution: Low

> * Threat Containment: Easy

> * Removal: Easy

> Damage

> * Damage Level: Low

> Distribution

> * Distribution Level: Low

>

>> -------------------------

>> http://www.linuxquestions.org/questions/showthread.php?t=399624

>>

>> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=2&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

>>

>>

>> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=1&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

>>

>

>

>

Well, so much for that lying bs story from alias about linux boxes never

being infected.

But we all knew that was not true anyway.

Thanks norm! :-)

Frank

Peter Foldes wrote:

> Obviously this (latest one on June 06 2007 below, and many more only for Ubuntu alone and not counting all the other Linux flavors) is not advertised by the Linux groups. But if you go to the Ubuntu forum there are quite a few that got hit by this. Using Paypal will get you to the proper Linux support to fix the problem. Paypal is Linux's best friend. At the end what is cheaper and more reliable.

>

> I have Red Hat installed and believe me it is not free to run even though it is a free download

>

> There is nothing that is free today. The same goes for Linux. Have an issue and need a fix, it will cost you money. What is cheaper to run, well, hard to say. They are both about the same in costs one way or another.

> ------------------------------------------------------------------------------------------------------------------------------------------------

> Wed, 2007-06-27 00:01. usn

> Referenced CVEs:

> CVE-2007-2442, CVE-2007-2443, CVE-2007-2798

> Description:

> ===========================================================
> Ubuntu Security Notice USN-477-1 June 26, 2007
> krb5 vulnerabilities
> CVE-2007-2442, CVE-2007-2443, CVE-2007-2798
> ===========================================================
>
> A security issue affects the following Ubuntu releases:
>
> Ubuntu 6.06 LTS
> Ubuntu 6.10
> Ubuntu 7.04
>
> This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
>
> The problem can be corrected by upgrading your system to the following package versions:
>
> Ubuntu 6.06 LTS: libkadm55 1.4.3-5ubuntu0.4
> Ubuntu 6.10: libkadm55 1.4.3-9ubuntu1.3
> Ubuntu 7.04: libkadm55 1.4.4-5ubuntu3.1
>
> In general, a standard system upgrade is sufficient to effect the necessary changes.
>
> Details follow:
>
> Wei Wang discovered that the krb5 RPC library did not correctly handle certain error conditions. A remote attacker could cause kadmind to free an uninitialized pointer, leading to a denial of service or possibly execution of arbitrary code with root privileges. (CVE-2007-2442)
>
> Wei Wang discovered that the krb5 RPC library did not correctly check the size of certain communications. A remote attacker could send a specially crafted request to kadmind and execute arbitrary code with root privileges. (CVE-2007-2443)
>
> It was discovered that the kadmind service could be made to overflow its stack. A remote attacker could send a specially crafted request and execute arbitrary code with root privileges. (CVE-2007-2798)

>

 

Good reason to keep Ubuntu updated. Fortunately, that is an easy and

obvious thing to do.

 

Alias

Frank wrote:

> norm wrote:

>> MICHAEL wrote:

>>

>>>

>>> * Mr. Happy:

>>>

>>>> MICHAEL wrote:

>>>>

>>>>> * Alias:

>>>>>

>>>>>> MICHAEL wrote:

>>>>>>

>>>>>>> * Alias:

>>>>>>>

>>>>>>>> MICHAEL wrote:

>>>>>>>>

>>>>>>>>> * Alias:

>>>>>>>>>

>>>>>>>>>> Back to the present. Use Ubuntu and never worry about a virus,

>>>>>>>>>> root kit or any other malware. http://www.ubuntu.com/

>>>>>>>>>

>>>>>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php

>>>>>>>>> Linux RootKits For Beginners - From Prevention to Removal

>>>>>>>>>

>>>>>>>>> One day while reading a mail list for the Linux Users Group in

>>>>>>>>> my hometown I discovered a call for help. It was a posting from

>>>>>>>>> a novice Linux user with a disturbing issue. While doing some

>>>>>>>>> routine checks on a Linux system, he found a user that had been

>>>>>>>>> added to the system with the user id of 0 (root). His first

>>>>>>>>> thought was that it might be a rootkit. He wanted to know what

>>>>>>>>> he could do to verify it was a rootkit and how to remove it

>>>>>>>>> from the system. He further asked for

>>>>>>>>> suggestions on preventative measures to ensure this kind of

>>>>>>>>> attack does not reoccur. That situation prompted me to write

>>>>>>>>> this paper to an understanding of rootkits and its effects.

>>>>>>>>> This paper will also discuss how to monitor for a rootkit, and

>>>>>>>>> the steps that need to be taken to remove one.

>>>>>>>>>

>>>>>>>> I never said that a firewall wasn't necessary. Ubuntu comes with

>>>>>>>> one built-in. I would also recommend a router hard firewall.

>>>>>>>

>>>>>>> "Use Ubuntu and never worry about a virus, root kit or any other

>>>>>>> malware." -Alias

>>>>>>>

>>>>>>> You said "never", you were wrong.

>>>>>>>

>>>>>>> "Absolute truth" is for absolute fools.

>>>>>>>

>>>>>>>

>>>>>>> -Michael

>>>>>>

>>>>>> Is there an echo in here?

>>>>>

>>>>> Only the echoes of your foolish nonsense.

>>>>>

>>>>>> If one has Ubuntu that comes with a firewall

>>>>>

>>>>> So does Vista.

>>>>>

>>>>>> and a router with a firewall how, pray tell, will anyone install a

>>>>>> root kit?

>>>>>

>>>>> You never stated that in your original reply.

>>>>>

>>>>> "Use Ubuntu and never worry about a virus, root kit or any other

>>>>> malware." -Alias

>>>>>

>>>>> I see no mention of using additional security measures.

>>>>>

>>>>> Now you bring up the "ifs". If a Windows user properly secures

>>>>> their machine, they will not suffer from rootkits, either.

>>>>>

>>>>> Amazing that there are programs for Linux rootkit removal when

>>>>> there are no Linux machines

>>>>> getting infected.

>>>>>

>>>>> Amazing such warnings, as the below, exist if no Linux users were

>>>>> being infected.

>>>>>

>>>>> http://www.juniper.net/security/auto/vulnerabilities/vuln734.html

>>>>> Severity: HIGH Description: The Satori Linux Rootkit is a

>>>>> collection of publicly available Trojan utilities that target Linux

>>>>> systems. It is also known as Linux Rootkit 4 and is distributed by

>>>>> The Crackers Layer.

>>>>

>>>> Please, at least try and stay current. Linux Rootkit IV was released

>>>> in November 26, 1998!!!! Really had to scratch around the Net to

>>>> find one?

>>>>

>>>> http://www.ossec.net/rootkits/studies/lrk5.txt

>>>

>>>

>>> My problem with Alias is that he spoke in absolute terms,

>>> as if it was impossible for Linux to be infected by viruses,

>>> trojans, worms, or rootkits... he was wrong.

>>>

>>> The fact that there haven't been many major efforts at creating Linux

>>> worms

>>> isn't proof that they are impossible.

>>>

>>> http://www.ossec.net/rootkits/

>>>

>>> http://searchenterpriselinux.techtarget.com/qna/0,289202,sid39_gci954631,00.html

>>>

>>> They may not have the infamy of Code Red and Nimda, but there are

>>> Linux viruses and worms in

>>> the wild. Here are some of the more infamous pieces of malicious code

>>> that have a taste for Linux:

>>

>>

>> Your point is well taken (and should be by everyone), but in reading

>> the info you provided below, one would think the world was falling in

>> on linux. That is not exactly the case, and is not the case now.

>>

>>>

>>> Slapper: The most dangerous Linux worm it's network-aware and in

>>> August 2002 it exploited a

>>> flaw in OpenSSL libraries in Apache servers with OpenSSL enabled.

>>

>> http://news.com.com/2100-1001-958758.html

>> A Linux worm that started spreading a week ago has reached a plateau

>> after infecting about 7,000 servers and turning the hosts into a

>> peer-to-peer network that could be used to attack other computers.

>> Known as Linux.Slapper.Worm, Slapper and Apache/mod_ssl, the worm's

>> spread has fallen far short of the biggest attackers in recent times.

>> For example, Code Red infected 400,000 servers last summer. And

>> according to the "National Strategy to Secure Cyberspace," the Nimda

>> virus compromised 86,000 systems last fall.

>> Perhaps most telling, security experts are already talking about

>> Slapper in the past tense.

>> "I thought it was very interesting, but it didn't do terribly much,"

>> said Roger Thompson, director of malicious code research at security

>> services company TruSecure.

>>

>>>

>>> Bliss: Also a well-known bug, it infects ELF executables, locating

>>> binaries with write access

>>> and overwrites those with its own code.

>>

>> http://en.wikipedia.org/wiki/Bliss_(virus)

>> Bliss is a computer virus that infects GNU/Linux systems. Its source

>> code was posted on a Usenet usergroup by its author on February 5,

>> 1997. When executed, it attempts to attach itself to Linux executable

>> files, to which regular users do not have access. This prevents the

>> executables from running, so users notice it immediately. Although it

>> was probably intended to prove that Linux can be infected, it does not

>> propagate very effectively because of the structure of Linux's user

>> privilege system. The Bliss virus never became widespread, and remains

>> chiefly a research curiosity.

>> When the Bliss virus was released, antivirus software vendors put out

>> a number of press releases about it. The claim was that since a "Linux

>> virus" existed, Linux users should buy antivirus software. Linux users

>> generally do not use antivirus software, except on servers that serve

>> files to Windows clients.

>> It writes a neat log of all its actions to /tmp/.bliss and even has a

>> --bliss-uninfect-files-please command line option that sometimes might

>> come in handy, and actually does what it promises.

>>

>>>

>>> Lindose: A rare cross-platform scourge, able to jump Windows PE and

>>> Linux ELF executables. It's

>>> a proof-of-concept worm and has not hit the wild.

>>

>> http://www.viruslist.com/en/viruses/encyclopedia?virusid=57567

>> Virus.Multi.Pelf.2132

>> Aliases

>> Virus.Multi.Pelf.2132 (Kaspersky Lab) is also known as: Pelf.2132

>> (Kaspersky Lab), Linux/Lindose (McAfee), W32.Peelf.2132 (Symantec),

>> Win32/Linux.Benny.2132 (Doctor Web), Linux/Lindose (Sophos),

>> Linux/Lindose.2132.A (RAV), ELF_LINDOSE.A (Trend Micro), W32/Winux

>> (H+BEDV), Unix/Lindose (FRISK), Win32:Lindose (ALWIL),

>> Win32/Lindose (Grisoft), Linux.PEELF.2132 (SOFTWIN), W32.Winux

>> (ClamAV), ELF/Winux.2784 (Panda), Elf/Lindose.2132 (Eset)

>> Description added Mar 28 2001

>> Behavior Virus

>> Technical details

>> (aka Lindose)

>> This is a harmless non-memory resident parasitic multipartite virus.

>> It infects Windows executable files as well as Linux ones (Windows PE

>> files and Linux ELF files).

>> The virus is written in Assembler, and is about 2.5 Kb in size. It

>> does not manifest itself in any way, and it is like a multiplatform

>> Windows-Linux virus concept.

>>

>>>

>>> Ramen: Not just a noodle, another network-aware worm jumping from

>>> Linux server to server.

>>

>> http://www.ciac.org/ciac/bulletins/l-040.shtml

>> L-040: The Ramen Worm

>> February 2, 2001 21:00 GMT

>> PROBLEM: A Linux worm named 'Ramen' has been detected in the wild.

>> CIAC has had reports of compromised systems and numerous scans.

>> PLATFORM: Redhat Linux 6.2 and 7.0

>> DAMAGE: Ramen automatically attacks all vulnerable systems it can

>> find. Intruders can gain root access to vulnerable systems.

>> SOLUTION: This worm exploits known vulnerabilities in wu-ftpd,

>> LPRng, and rpc.statd. These services should be patched immediately.

>> Patches are available from Red Hat.

>> VULNERABILITY

>> ASSESSMENT: The risk is HIGH - The worm is in the wild and is

>> being actively used to exploit vulnerable systems.

>> CIAC, CERT, and others are receiving reports of systems compromised by

>> the Ramen Worm. The worm is in the wild and performs fully automated

>> breakins to vulnerable systems. As it is fully automated, it continues

>> to attack systems until all running copies are found and stopped.

>> Rebooting systems does not stop the worm as it installs code to

>> automatically restart itself after a reboot.

>> The binaries contained in the worm are specific to Linux 6.2 and 7.0.

>> However, someone with access to the source code for the binaries could

>> recompile them under other versions of UNIX to attack other platforms.

>> As far as we know, the source code for the binaries is not yet in the

>> wild.

>>

>>>

>>> Staog: Considered the first Linux virus, it infects ELF executables.

>>

>> http://en.wikipedia.org/wiki/Staog

>> Staog was the first computer virus written for the Linux operating

>> system. It was discovered in the fall of 1996, and the vulnerabilities

>> that it exploited were shored up soon after. It has not been detected

>> in the wild since its initial outbreak.

>> Staog was able to infect Linux despite its security-oriented design

>> which requires users and programs to login as root before any drastic

>> operations can be taken. It worked by exploiting some kernel

>> vulnerabilities to stay resident. Then, it would infect executed

>> binaries.

>> Since it relied on fundamental bugs, software upgrades made systems

>> immune to Staog. This, combined with its shot in the dark method of

>> transmitting itself, ensured that it died off rather quickly.

>>

>>>

>>> Typot: A Linux Trojan that does distributed port scanning, generating

>>> TCP packets

>>> with a window size of 55808.

>>

>> http://www.symantec.com/security_response/writeup.jsp?docid=2003-062018-4739-99

>>

>> Trojan.Linux.Typot

>> Risk Level 1: Very Low

>> Discovered: June 20, 2003

>> Updated: February 13, 2007 12:02:46 PM

>> Also Known As: 55808, Stumbler

>> Type: Trojan Horse

>> Systems Affected: Linux

>> Trojan.Linux.Typot is a Trojan Horse that affects Linux systems. It

>> generates TCP packets with a window size of 55,808.

>> Protection

>> * Initial Rapid Release version June 23, 2003

>> * Latest Rapid Release version June 23, 2003

>> * Initial Daily Certified version June 23, 2003

>> * Latest Daily Certified version June 23, 2003

>> * Initial Weekly Certified release date June 25, 2003

>> Click here for a more detailed description of Rapid Release and Daily

>> Certified virus definitions.

>> Threat Assessment

>> Wild

>> * Wild Level: Low

>> * Number of Infections: 0 - 49

>> * Number of Sites: 0 - 2

>> * Geographical Distribution: Low

>> * Threat Containment: Easy

>> * Removal: Easy

>> Damage

>> * Damage Level: Low

>> Distribution

>> * Distribution Level: Low

>>

>>> -------------------------

>>> http://www.linuxquestions.org/questions/showthread.php?t=399624

>>>

>>> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=2&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

>>>

>>>

>>> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=1&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

>>>

>>

>>

>>

> Well, so much for that lying bs story from alias about linux boxes never

> being infected.

> But we all knew that was not true anyway.

> Thanks norm! :-)

> Frank

 

No proof has been offered here, only possibilities. Fact is you're much

safer with a Linux box than a Windows box hands down.

 

Alias
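The Typot write-up quoted above gives one concrete network indicator: TCP packets with a window size of 55808. As an added example (not part of any post in this thread), the sketch below parses raw IPv4/TCP headers and lists packets carrying that window value, grouped by destination. The sample packets, addresses and function names are constructed for illustration, and a match is only a candidate because any 16-bit window value can also occur in legitimate traffic.

```python
import socket
import struct
from collections import defaultdict

TYPOT_WINDOW = 55808  # window size given in the Symantec write-up quoted in the thread


def parse_ipv4_tcp(packet: bytes):
    """Return a dict of header fields, or None if this is not a usable IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 6:
        return None                       # malformed header, or protocol is not TCP
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        return None                       # later fragment: carries no TCP header
    if len(packet) < ihl + 20:
        return None                       # truncated before the end of the TCP header
    sport, dport, _seq, _ack, off_flags, window = struct.unpack(
        "!HHIIHH", packet[ihl:ihl + 16])
    if (off_flags >> 12) * 4 < 20:
        return None                       # impossible TCP data offset
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport,
        "dport": dport,
        "flags": off_flags & 0x01FF,
        "window": window,
    }


def typot_candidates(packets):
    """Return parsed headers of every packet whose TCP window equals TYPOT_WINDOW."""
    hits = []
    for raw in packets:
        hdr = parse_ipv4_tcp(raw)
        if hdr is not None and hdr["window"] == TYPOT_WINDOW:
            hits.append(hdr)
    return hits


def summarise(hits):
    """Map each destination address to the sorted list of ports probed on it."""
    ports = defaultdict(set)
    for hdr in hits:
        ports[hdr["dst"]].add(hdr["dport"])
    return {dst: sorted(p) for dst, p in ports.items()}


def build_packet(src, dst, sport, dport, flags, window, proto=6):
    """Build a constructed 40-byte test packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                      (5 << 12) | flags, window, 0, 0)
    return ip + tcp


SYN = 0x002
# Constructed sample traffic using documentation address ranges.
SAMPLE_PACKETS = [
    build_packet("198.51.100.7", "192.0.2.10", 40001, 22, SYN, TYPOT_WINDOW),
    build_packet("203.0.113.9", "192.0.2.10", 40002, 80, SYN, TYPOT_WINDOW),
    build_packet("198.51.100.23", "192.0.2.10", 40003, 443, SYN, TYPOT_WINDOW),
    build_packet("198.51.100.50", "192.0.2.10", 51000, 80, SYN, 65535),   # ordinary window
    build_packet("198.51.100.7", "192.0.2.10", 53, 53, 0, TYPOT_WINDOW, proto=17),  # not TCP
    build_packet("198.51.100.7", "192.0.2.10", 40004, 25, SYN, TYPOT_WINDOW)[:30],  # truncated
]

if __name__ == "__main__":
    for dst, ports in summarise(typot_candidates(SAMPLE_PACKETS)).items():
        print(f"{dst}: window-{TYPOT_WINDOW} packets seen on ports {ports}")
```
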

Alias wrote:

> Frank wrote:

>

>> norm wrote:

>>

>>> MICHAEL wrote:

>>>

>>>>

>>>> * Mr. Happy:

>>>>

>>>>> MICHAEL wrote:

>>>>>

>>>>>> * Alias:

>>>>>>

>>>>>>> MICHAEL wrote:

>>>>>>>

>>>>>>>> * Alias:

>>>>>>>>

>>>>>>>>> MICHAEL wrote:

>>>>>>>>>

>>>>>>>>>> * Alias:

>>>>>>>>>>

>>>>>>>>>>> Back to the present. Use Ubuntu and never worry about a

>>>>>>>>>>> virus, root kit or any other malware. http://www.ubuntu.com/

>>>>>>>>>>

>>>>>>>>>>

>>>>>>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php

>>>>>>>>>> Linux RootKits For Beginners - From Prevention to Removal

>>>>>>>>>>

>>>>>>>>>> One day while reading a mail list for the Linux Users Group in

>>>>>>>>>> my hometown I discovered a call for help. It was a posting

>>>>>>>>>> from a novice Linux user with a disturbing issue. While doing

>>>>>>>>>> some routine checks on a Linux system, he found a user that

>>>>>>>>>> had been added to the system with the user id of 0 (root). His

>>>>>>>>>> first thought was that it might be a rootkit. He wanted to

>>>>>>>>>> know what he could do to verify it was a rootkit and how to

>>>>>>>>>> remove it from the system. He further asked for

>>>>>>>>>> suggestions on preventative measures to ensure this kind of

>>>>>>>>>> attack does not reoccur. That situation prompted me to write

>>>>>>>>>> this paper to an understanding of rootkits and its effects.

>>>>>>>>>> This paper will also discuss how to monitor for a rootkit, and

>>>>>>>>>> the steps that need to be taken to remove one.

>>>>>>>>>>

>>>>>>>>> I never said that a firewall wasn't necessary. Ubuntu comes

>>>>>>>>> with one built-in. I would also recommend a router hard firewall.

>>>>>>>>

>>>>>>>>

>>>>>>>> "Use Ubuntu and never worry about a virus, root kit or any other

>>>>>>>> malware." -Alias

>>>>>>>>

>>>>>>>> You said "never", you were wrong.

>>>>>>>>

>>>>>>>> "Absolute truth" is for absolute fools.

>>>>>>>>

>>>>>>>>

>>>>>>>> -Michael

>>>>>>>

>>>>>>>

>>>>>>> Is there an echo in here?

>>>>>>

>>>>>>

>>>>>> Only the echoes of your foolish nonsense.

>>>>>>

>>>>>>> If one has Ubuntu that comes with a firewall

>>>>>>

>>>>>>

>>>>>> So does Vista.

>>>>>>

>>>>>>> and a router with a firewall how, pray tell, will anyone install

>>>>>>> a root kit?

>>>>>>

>>>>>>

>>>>>> You never stated that in your original reply.

>>>>>>

>>>>>> "Use Ubuntu and never worry about a virus, root kit or any other

>>>>>> malware." -Alias

>>>>>>

>>>>>> I see no mention of using additional security measures.

>>>>>>

>>>>>> Now you bring up the "ifs". If a Windows user properly secures

>>>>>> their machine, they will not suffer from rootkits, either.

>>>>>>

>>>>>> Amazing that there are programs for Linux rootkit removal when

>>>>>> there are no Linux machines

>>>>>> getting infected.

>>>>>>

>>>>>> Amazing such warnings, as the below, exist if no Linux users were

>>>>>> being infected.

>>>>>>

>>>>>> http://www.juniper.net/security/auto/vulnerabilities/vuln734.html

>>>>>> Severity: HIGH Description: The Satori Linux Rootkit is a

>>>>>> collection of publicly available Trojan utilities that target

>>>>>> Linux systems. It is also known as Linux Rootkit 4 and is

>>>>>> distributed by The Crackers Layer.

>>>>>

>>>>>

>>>>> Please, at least try and stay current. Linux Rootkit IV was

>>>>> released in November 26, 1998!!!! Really had to scratch around the

>>>>> Net to find one?

>>>>>

>>>>> http://www.ossec.net/rootkits/studies/lrk5.txt

>>>>

>>>>

>>>>

>>>> My problem with Alias is that he spoke in absolute terms,

>>>> as if it was impossible for Linux to be infected by viruses,

>>>> trojans, worms, or rootkits... he was wrong.

>>>>

>>>> The fact that there haven't been many major efforts at creating

>>>> Linux worms

>>>> isn't proof that they are impossible.

>>>>

>>>> http://www.ossec.net/rootkits/

>>>>

>>>> http://searchenterpriselinux.techtarget.com/qna/0,289202,sid39_gci954631,00.html

>>>>

>>>> They may not have the infamy of Code Red and Nimda, but there are

>>>> Linux viruses and worms in

>>>> the wild. Here are some of the more infamous pieces of malicious

>>>> code that have a taste for Linux:

>>>

>>>

>>>

>>> Your point is well taken (and should be by everyone), but in reading

>>> the info you provided below, one would think the world was falling in

>>> on linux. That is not exactly the case, and is not the case now.

>>>

>>>>

>>>> Slapper: The most dangerous Linux worm it's network-aware and in

>>>> August 2002 it exploited a

>>>> flaw in OpenSSL libraries in Apache servers with OpenSSL enabled.

>>>

>>>

>>> http://news.com.com/2100-1001-958758.html

>>> A Linux worm that started spreading a week ago has reached a plateau

>>> after infecting about 7,000 servers and turning the hosts into a

>>> peer-to-peer network that could be used to attack other computers.

>>> Known as Linux.Slapper.Worm, Slapper and Apache/mod_ssl, the worm's

>>> spread has fallen far short of the biggest attackers in recent times.

>>> For example, Code Red infected 400,000 servers last summer. And

>>> according to the "National Strategy to Secure Cyberspace," the Nimda

>>> virus compromised 86,000 systems last fall.

>>> Perhaps most telling, security experts are already talking about

>>> Slapper in the past tense.

>>> "I thought it was very interesting, but it didn't do terribly much,"

>>> said Roger Thompson, director of malicious code research at security

>>> services company TruSecure.

>>>

>>>>

>>>> Bliss: Also a well-known bug, it infects ELF executables, locating

>>>> binaries with write access

>>>> and overwrites those with its own code.

>>>

>>>

>>> http://en.wikipedia.org/wiki/Bliss_(virus)

>>> Bliss is a computer virus that infects GNU/Linux systems. Its source

>>> code was posted on a Usenet usergroup by its author on February 5,

>>> 1997. When executed, it attempts to attach itself to Linux executable

>>> files, to which regular users do not have access. This prevents the

>>> executables from running, so users notice it immediately. Although it

>>> was probably intended to prove that Linux can be infected, it does

>>> not propagate very effectively because of the structure of Linux's

>>> user privilege system. The Bliss virus never became widespread, and

>>> remains chiefly a research curiosity.

>>> When the Bliss virus was released, antivirus software vendors put out

>>> a number of press releases about it. The claim was that since a

>>> "Linux virus" existed, Linux users should buy antivirus software.

>>> Linux users generally do not use antivirus software, except on

>>> servers that serve files to Windows clients.

>>> It writes a neat log of all its actions to /tmp/.bliss and even has a

>>> --bliss-uninfect-files-please command line option that sometimes

>>> might come in handy, and actually does what it promises.

>>>

>>>>

>>>> Lindose: A rare cross-platform scourge, able to jump Windows PE and

>>>> Linux ELF executables. It's

>>>> a proof-of-concept worm and has not hit the wild.

>>>

>>>

>>> http://www.viruslist.com/en/viruses/encyclopedia?virusid=57567

>>> Virus.Multi.Pelf.2132

>>> Aliases

>>> Virus.Multi.Pelf.2132 (Kaspersky Lab) is also known as: Pelf.2132

>>> (Kaspersky Lab), Linux/Lindose (McAfee), W32.Peelf.2132 (Symantec),

>>> Win32/Linux.Benny.2132 (Doctor Web), Linux/Lindose (Sophos),

>>> Linux/Lindose.2132.A (RAV), ELF_LINDOSE.A (Trend Micro),

>>> W32/Winux (H+BEDV), Unix/Lindose (FRISK), Win32:Lindose (ALWIL),

>>> Win32/Lindose (Grisoft), Linux.PEELF.2132 (SOFTWIN), W32.Winux

>>> (ClamAV), ELF/Winux.2784 (Panda), Elf/Lindose.2132 (Eset)

>>> Description added Mar 28 2001

>>> Behavior Virus

>>> Technical details

>>> (aka Lindose)

>>> This is a harmless non-memory resident parasitic multipartite virus.

>>> It infects Windows executable files as well as Linux ones (Windows PE

>>> files and Linux ELF files).

>>> The virus is written in Assembler, and is about 2.5 Kb in size. It

>>> does not manifest itself in any way, and it is like a multiplatform

>>> Windows-Linux virus concept.

>>>

>>>>

>>>> Ramen: Not just a noodle, another network-aware worm jumping from

>>>> Linux server to server.

>>>

>>>

>>> http://www.ciac.org/ciac/bulletins/l-040.shtml

>>> L-040: The Ramen Worm

>>> February 2, 2001 21:00 GMT

>>> PROBLEM: A Linux worm named 'Ramen' has been detected in the

>>> wild. CIAC has had reports of compromised systems and numerous scans.

>>> PLATFORM: Redhat Linux 6.2 and 7.0

>>> DAMAGE: Ramen automatically attacks all vulnerable systems it can

>>> find. Intruders can gain root access to vulnerable systems.

>>> SOLUTION: This worm exploits known vulnerabilities in wu-ftpd,

>>> LPRng, and rpc.statd. These services should be patched immediately.

>>> Patches are available from Red Hat.

>>> VULNERABILITY

>>> ASSESSMENT: The risk is HIGH - The worm is in the wild and is

>>> being actively used to exploit vulnerable systems.

>>> CIAC, CERT, and others are receiving reports of systems compromised

>>> by the Ramen Worm. The worm is in the wild and performs fully

>>> automated breakins to vulnerable systems. As it is fully automated,

>>> it continues to attack systems until all running copies are found and

>>> stopped. Rebooting systems does not stop the worm as it installs code

>>> to automatically restart itself after a reboot.

>>> The binaries contained in the worm are specific to Linux 6.2 and 7.0.

>>> However, someone with access to the source code for the binaries

>>> could recompile them under other versions of UNIX to attack other

>>> platforms. As far as we know, the source code for the binaries is not

>>> yet in the wild.

>>>

>>>>

>>>> Staog: Considered the first Linux virus, it infects ELF executables.

>>>

>>>

>>> http://en.wikipedia.org/wiki/Staog

>>> Staog was the first computer virus written for the Linux operating

>>> system. It was discovered in the fall of 1996, and the

>>> vulnerabilities that it exploited were shored up soon after. It has

>>> not been detected in the wild since its initial outbreak.

>>> Staog was able to infect Linux despite its security-oriented design

>>> which requires users and programs to login as root before any drastic

>>> operations can be taken. It worked by exploiting some kernel

>>> vulnerabilities to stay resident. Then, it would infect executed

>>> binaries.

>>> Since it relied on fundamental bugs, software upgrades made systems

>>> immune to Staog. This, combined with its shot in the dark method of

>>> transmitting itself, ensured that it died off rather quickly.

>>>

>>>>

>>>> Typot: A Linux Trojan that does distributed port scanning,

>>>> generating TCP packets

>>>> with a window size of 55808.

>>>

>>>

>>> http://www.symantec.com/security_response/writeup.jsp?docid=2003-062018-4739-99

>>>

>>> Trojan.Linux.Typot

>>> Risk Level 1: Very Low

>>> Discovered: June 20, 2003

>>> Updated: February 13, 2007 12:02:46 PM

>>> Also Known As: 55808, Stumbler

>>> Type: Trojan Horse

>>> Systems Affected: Linux

>>> Trojan.Linux.Typot is a Trojan Horse that affects Linux systems. It

>>> generates TCP packets with a window size of 55,808.

>>> Protection

>>> * Initial Rapid Release version June 23, 2003

>>> * Latest Rapid Release version June 23, 2003

>>> * Initial Daily Certified version June 23, 2003

>>> * Latest Daily Certified version June 23, 2003

>>> * Initial Weekly Certified release date June 25, 2003

>>> Click here for a more detailed description of Rapid Release and Daily

>>> Certified virus definitions.

>>> Threat Assessment

>>> Wild

>>> * Wild Level: Low

>>> * Number of Infections: 0 - 49

>>> * Number of Sites: 0 - 2

>>> * Geographical Distribution: Low

>>> * Threat Containment: Easy

>>> * Removal: Easy

>>> Damage

>>> * Damage Level: Low

>>> Distribution

>>> * Distribution Level: Low

>>>

>>>> -------------------------

>>>> http://www.linuxquestions.org/questions/showthread.php?t=399624

>>>>

>>>> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=2&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

>>>>

>>>>

>>>> http://secunia.com/search/?adv_search=1&s=1&search=linux&w=1&vuln_title=1&vuln_software_os=1&critical%5B%5D=0&impact%5B%5D=0&where%5B%5D=0

>>>>

>>>

>>>

>>>

>>>

>> Well, so much for that lying bs story from alias about linux boxes

>> never being infected.

>> But we all knew that was not true anyway.

>> Thanks norm! :-)

>> Frank

>

>

> No proof has been offered here, only possibilities. Fact is you're much

> safer with a Linux box than a Windows box hands down.

>

> Alias

 

 

We all now know that you're an ignorant, lying, bigot POS.

Shall we also add "blind" to that list of character flaws as a disability?

Or should we just count it as a reading comprehension problem compounded

by your sheer stupidity?

One thing's for sure, you really are a side show freak!

Frank

Incredible - Just FYI

 

Another IDIOT and his preaching about Windows Server Beta. Must get a

WOODIE each time he talks about it

 

Just FYI

 

 

"Kevin John Panzke" <kevpan815@hotmail.com> wrote in message

news:ey$H93xvHHA.5008@TK2MSFTNGP05.phx.gbl...

> Try Out Windows Server 2008 Beta 3 Public Beta, And You Will Like

> Microsoft A Whole Lot Better.

>

> "DanielN" <DanielN@discussions.microsoft.com> wrote in message

> news:1C18C11F-015D-40FC-86B6-3C2AF1A575A2@microsoft.com...

>> Hi People,

>>

>> I have been a computer engineer for around 7 years professionally with

>> around 7 years prior to that self teaching myself all I could about

>> Windows.

>> I am now MCP qualified and hopefully will soon be MCSA/MCSE/MCDBA/CCNA

>> qualified as well.

>>

>> I have used Vista only a couple of times although getting a very bad

>> feeling

>> about it having read many bad things and experiencing some worrying

>> things

>> like it takes more time for vista to spawn and animate the copying file

>> dialog then it does for say windows xp to even have copied the file

>> already.

>> this is only minor though.

>>

>> Today one of my customers who has a vista machine (I don't) got in touch

>> saying windows was bringing up an error saying that:

>>

>> 'Windows explorer has stopped working' and then 'Windows explorer is

>> restarting.'

>>

>> Now I know there is a virus/spyware/adware on it. cause i can see an icon

>> for counterfeit antispyware.

>>

>> the problem is even if I go into safemode to clean it (remove program and

>> run scans of various kinds) which would have worked pretty much most of

>> the

>> time in previous versions of windows doesn't work cause you have the same

>> problem.

>>

>> i am getting the feeling MS have screwed up with Vista like they did with

>> Windows ME.

>>

>>

>> I am shocked that years down the line after ME and I am sure MS knew what

>> the score was with ME. They have managed to do it again. They should have

>> stuck with XP - perhaps brought out some addons/updates if they really

>> thought people were desperate for new stuff, and put in some serious work

>> into Vienna. I have heard that there were so many problems with Vista

>> they

>> enlisted the help of the Vienna development team to help fix stuff.

>> Obviously

>> there was too much to fix.

>>

>> Now I have had my little rant. Maybe MS will sort this.

>>

>> My advice demand Win XP Pro on new machines. Do not be told that u must

>> have

>> Vista cause it is the best around.

>>

>> Dan

>>

>> Ps. I have also had a customer have a problem authenticating with a WPA

>> encrypted wireless network as well. Which turned out to be an

>> incompatibility

>> between the wireless card and Vista even though the wireless card was

>> built

>> into the laptop and it had a logo saying it was certified for Vista, and

>> this

>> was a big OEM's laptop. So what hope is there!

>

* norm:

> MICHAEL wrote:

>> * Mr. Happy:

>>> MICHAEL wrote:

>>>

>>>> * Alias:

>>>>> MICHAEL wrote:

>>>>>> * Alias:

>>>>>>> MICHAEL wrote:

>>>>>>>> * Alias:

>>>>>>>>> Back to the present. Use Ubuntu and never worry about a virus, root kit or any

>>>>>>>>> other malware. http://www.ubuntu.com/

>>>>>>>> http://www.sans.org/reading_room/whitepapers/linux/901.php Linux RootKits For

>>>>>>>> Beginners - From Prevention to Removal

>>>>>>>>

>>>>>>>> One day while reading a mail list for the Linux Users Group in my hometown I

>>>>>>>> discovered a call for help. It was a posting from a novice Linux user with a

>>>>>>>> disturbing issue. While doing some routine checks on a Linux system, he found a

>>>>>>>> user that had been added to the system with the user id of 0 (root). His first

>>>>>>>> thought was that it might be a rootkit. He wanted to know what he could do to

>>>>>>>> verify it was a rootkit and how to remove it from the system. He further asked for

>>>>>>>> suggestions on preventative measures to ensure this kind of attack does not

>>>>>>>> reoccur. That situation prompted me to write this paper to an understanding of

>>>>>>>> rootkits and its effects. This paper will also discuss how to monitor for a

>>>>>>>> rootkit, and the steps that need to be taken to remove one.

>>>>>>>>

>>>>>>> I never said that a firewall wasn't necessary. Ubuntu comes with one built-in. I

>>>>>>> would also recommend a router hard firewall.

>>>>>> "Use Ubuntu and never worry about a virus, root kit or any other malware." -Alias

>>>>>>

>>>>>> You said "never", you were wrong.

>>>>>>

>>>>>> "Absolute truth" is for absolute fools.

>>>>>>

>>>>>>

>>>>>> -Michael

>>>>> Is there an echo in here?

>>>> Only the echoes of your foolish nonsense.

>>>>

>>>>> If one has Ubuntu that comes with a firewall

>>>> So does Vista.

>>>>

>>>>> and a router with a firewall how, pray tell, will anyone install a root kit?

>>>> You never stated that in your original reply.

>>>>

>>>> "Use Ubuntu and never worry about a virus, root kit or any other malware." -Alias

>>>>

>>>> I see no mention of using additional security measures.

>>>>

>>>> Now you bring up the "ifs". If a Windows user properly secures their machine, they will

>>>> not suffer from rootkits, either.

>>>>

>>>> Amazing that there are programs for Linux rootkit removal when there are no Linux machines

>>>> getting infected.

>>>>

>>>> Amazing such warnings, as the below, exist if no Linux users were being infected.

>>>>

>>>> http://www.juniper.net/security/auto/vulnerabilities/vuln734.html Severity: HIGH

>>>> Description: The Satori Linux Rootkit is a collection of publicly available Trojan

>>>> utilities that target Linux systems. It is also known as Linux Rootkit 4 and is

>>>> distributed by The Crackers Layer.

>>> Please, at least try and stay current. Linux Rootkit IV was released in November 26,

>>> 1998!!!! Really had to scratch around the Net to find one?

>>>

>>> http://www.ossec.net/rootkits/studies/lrk5.txt

>> My problem with Alias is that he spoke in absolute terms,

>> as if it was impossible for Linux to be infected by viruses,

>> trojans, worms, or rootkits... he was wrong.

>>

>> The fact that there haven't been many major efforts at creating Linux worms

>> isn't proof that they are impossible.

>>

>> http://www.ossec.net/rootkits/

>>

>> http://searchenterpriselinux.techtarget.com/qna/0,289202,sid39_gci954631,00.html

>> They may not have the infamy of Code Red and Nimda, but there are Linux viruses and worms in

>> the wild. Here are some of the more infamous pieces of malicious code that have a taste for Linux:

>

> Your point is well taken (and should be by everyone), but in reading the

> info you provided below, one would think the world was falling in on

> linux. That is not exactly the case, and is not the case now.

 

Norm,

 

My intention was not to claim Linux is worse than Windows,

or that the sky is falling on the penguins. The dolt was wrong,

and he needed to know.

 

 

-Michael
